CVSS: 9.3 • EPSS: 8% • CPEs: 14 • EXPL: 0

28 Apr 2022 — Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb22-16.html • CWE-416: Use After Free •

CVSS: 9.3 • EPSS: 8% • CPEs: 14 • EXPL: 0

28 Apr 2022 — Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb22-16.html • CWE-416: Use After Free •

CVSS: 9.3 • EPSS: 19% • CPEs: 14 • EXPL: 0

28 Apr 2022 — Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb22-16.html • CWE-416: Use After Free •

CVSS: 7.8 • EPSS: 0% • CPEs: 12 • EXPL: 1

27 Apr 2022 — Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the (potentially higher) privileges of another Redis user. The Lua script execution environment in Redis provides some measures that prevent a script from creating side effects that persist and can affect the execution of the same, or different script, at a later time. Several weakne... • https://github.com/redis/redis/pull/10651 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

27 Apr 2022 — A heap buffer overflow in the function pdf_write_names in ps-pdf.cxx may lead to arbitrary code execution and Denial of Service (DoS). • https://github.com/michaelrsweet/htmldoc/commit/46c8ec2b9bccb8ccabff52d998c5eee77a228348 • CWE-787: Out-of-bounds Write •

CVSS: 9.8 • EPSS: 1% • CPEs: 1 • EXPL: 1

26 Apr 2022 — In versions prior to 1.0.0.beta.2, attackers can achieve remote code execution by injecting malicious code into the template engine. • https://github.com/ballcat-projects/ballcat-codegen/commit/84a7cb38daf0295b93aba21d562ec627e4eb463b • CWE-20: Improper Input Validation; CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.8 • EPSS: 47% • CPEs: 1 • EXPL: 5

25 Apr 2022 — The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation). • https://github.com/miko550/CVE-2022-29078 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 2

25 Apr 2022 — An attacker can exploit this bug to cause a denial of service (segmentation fault) or other unspecified effects by sending a crafted PDF file to the pdftoppm binary. Multiple vulnerabilities have been discovered in Xpdf, the worst of which could possibly lead to arbitrary code execution. • https://forum.xpdfreader.com/viewtopic.php?f=3&t=42232 • CWE-787: Out-of-bounds Write •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Apr 2022 — On APs, arbitrary code execution in SMM may occur. • https://github.com/coreboot/coreboot/commit/afb7a814783cda12f5b72167163b9109ee1d15a7 •

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

25 Apr 2022 — However, the content read from "bs" is user-controllable, as is the length, which causes a buffer overflow. Multiple vulnerabilities have been discovered in GPAC, the worst of which could lead to arbitrary code execution. • https://github.com/gpac/gpac/commit/3dbe11b37d65c8472faf0654410068e5500b3adb • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer; CWE-125: Out-of-bounds Read •